<?php
// check if comment has been posted and by who
$Email = isset($_POST['Email']) ? $_POST['Email'] : null;
$Password = isset($_POST['Password']) ? $_POST['Password'] : null;
$LastName = isset($_POST['LastName']) ? $_POST['LastName'] : null;
$FirstName = isset($_POST['FirstName']) ? $_POST['FirstName'] : null;
$PreferredName = isset($_POST['PreferredName']) ? $_POST['PreferredName'] : null;


//create the parts needed to connect to db
function CreateHandle()   {
	$host = "localhost";
  	  //include the information as found in your email about the jose server
	$user = "lr12aas";
  	$pass = "u3CJFB4r";
  	$db = "dblr12aas";
	
// make string from parts and connect to database    
$mysqli = new mysqli($host, $user, $pass, $db);
    if (mysqli_connect_errno()) {
 
//connection problem
	echo "<p class='crying'>Connection problem</p>";
	return false;} 
	else {
	return $mysqli;
	}
	}

// validate string min and max lengths
	function IsValid($str, $min, $max) {
	$regex = '/^[A-Za-z0-9\s\.\,]{' . $min . ',' . $max . '}$/';	
	return preg_match($regex, $str); 
	}

//check if the page has posted back
if (isset($FirstName)){
//validate the data against lengths and regex
	$FirstNameOK = IsValid($FirstName, 1, 50);

//if everything's ok filter and submit comment to database.
	if(($FirstNameOK))
	{
	$handle = CreateHandle();
	$filteredEmail= $handle -> real_escape_string($Email);
	$filteredPassword= $handle -> real_escape_string($Password);
	$filteredLastName= $handle -> real_escape_string($LastName);
	$filteredFirstName= $handle -> real_escape_string($FirstName);
	$filteredPreferredName= $handle -> real_escape_string($PreferredName);

	$sqlString = "INSERT INTO student (Email, Password, LastName, FirstName, PreferredName) VALUES ("
		         . "'" . $filteredEmail . "', "
				 . "'" . $filteredPassword . "', "
				 . "'" . $filteredLastName . "', "
				 . "'" . $filteredFirstName . "', "
				 . "'" . $filteredPreferredName . "'"
				 . ")"	;
	
	$handle -> query($sqlString);
  }
    //If not, tell learner something's wrong with form
	else {
	echo "<p class='crying'>Please check the form!</p>"; 
	 }
	echo $sqlString;
}
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="styles/styles.css" type="text/css" rel="stylesheet"/>
<script src="scripts/scripts.js" type="text/javascript"></script>
<title>Session 7.2 - About me</title>
</head>
<body>
<div id="header">
</div>
<div id="container">
 <div class="main-wrap">
<h1 id="pageTitle">Assessment</h1>
  <form id="NewStudentForm" action="./test.php" method="post" >
    <label for="FirstName" class="formLabel">First Name</label>
    <input type="text" name="FirstName" id="FirstName" pattern="[A-Za-z0-9\s]{1,50}"/>
    <br/>
    <label for="LastName" class="formLabel">Last Name</label>
    <input type="text" name="LastName" id="LastName" pattern="[A-Za-z0-9\s]{1,50}"/>
    <br/>
    <label for="username" class="formLabel">User Name</label>
    <input type="text" name="username" id="username" pattern="[A-Za-z0-9\s]{1,50}"/>
    <br/>
    <label for="Email" class="formLabel">Email</label>
    <input type="text" name="Email" id="Email" pattern="[A-Za-z0-9\s]{1,50}"/>
    <br/>
    <label for="Password" class="formLabel">Password</label>
    <input type="text" name="Password" id="Password" />
    <div id='charCountLabel'></div>
    <input type="submit" id="studentSubmit" name="studentSubmit" value="Submit" class="btn" />
  </form>
</div>
</div>
</body>
</html>